Description

This is a Trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Indication of Infection

Methods of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email spam, etc.

Virus Characteristics

"Generic FakeAlert.fi" is a malicious Trojan that may represent a security risk for the compromised system and/or its network environment.
FakeAlert families are commonly installed by other Trojan downloaders. These Trojans usually arrive as e-mail attachments or via drive-by-download attacks exploiting vulnerabilities in Windows and third-party applications.

Upon execution, the Trojan connects to the following URLs:

After execution, the Trojan displays the following Fake Alert messages:

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).